Hi
I want to announce the launch of the ActiveRBAC [1] project.
The aim of the project is to provide a comprehensive authentication
and authorization framework for Ruby on Rails based on the NIST RBAC
[2] standards and ideas.
A quick summary of the RBAC concept:
Permissions are assigned to roles instead of users. Roles are then
assigned to users and by this you can reflect the structure of an
organization in the authorization part of your application.
Additionally, by associating ACLs (really only permission lists) not
to users, but to roles, the authorization system is less error-prone.
ActiveRBAC could become the common authentication and authorization
layer that RoR is currently lacking in order for RoR components to be
really interchangeable.
We currently have a basic working database structure following our
specification [3], ActiveRecord model classes and a simple but
working GUI. Heading for our "0.1" milestone, which currently
needs a lot of unit tests to be completed, we are searching for developers
who want to get in touch with the ActiveRBAC system by writing these
unit tests.
Future releases will include
* ActiveRecord and ActionController mixins to provide functions
similar to "attr_protected" so you can protect actions and your data
declaratively
* better configurability and hooks like "after_login" etc.
* a shining AJAX administration interface
... and ship with sweets or beer - depending on your preferences :)
Regards
Manuel Holtgrewe
[1] rbaconrails.turingstudio.com
[2] csrc.nist.gov/rbac
[3] rbaconrails.turingstudio.com/trac/wiki/FullSpecification
[4] lists.cloudcore.com/mailman/listinfo/rbac-dev